MVC Pro-Tip: Anti-Forgery Cookie Token And Form Field Token Do Not Match

11 June 2015

Just a really quick thing for you to check - one of the users of a MVC admin system I administer complained that they were getting this error message, after a release:

System.Web.Mvc.HttpAntiForgeryException: The anti-forgery cookie token and form field token do not match.

It turns out they hadn't logged out and back in again since the release - as we are hosting the website on Azure, the machine key (which the AntiForgery stuff uses to validate) would have changed post-release, which is what was causing the issue.

Long story short, if you are getting this exception, it's worth seeing if refreshing your authentication / credentials will solve the issue.

Tags: MVC, HttpAntiForgeryException

Add a Comment